Warning: Permanently added '[localhost]:64467' (ECDSA) to the list of known hosts. 2025/09/01 11:37:39 fuzzer started 2025/09/01 11:37:39 dialing manager at localhost:35473 syzkaller login: [ 50.805961] cgroup: Unknown subsys name 'net' [ 50.882062] cgroup: Unknown subsys name 'cpuset' [ 50.903315] cgroup: Unknown subsys name 'rlimit' 2025/09/01 11:37:50 syscalls: 2214 2025/09/01 11:37:50 code coverage: enabled 2025/09/01 11:37:50 comparison tracing: enabled 2025/09/01 11:37:50 extra coverage: enabled 2025/09/01 11:37:50 setuid sandbox: enabled 2025/09/01 11:37:50 namespace sandbox: enabled 2025/09/01 11:37:50 Android sandbox: enabled 2025/09/01 11:37:50 fault injection: enabled 2025/09/01 11:37:50 leak checking: enabled 2025/09/01 11:37:50 net packet injection: enabled 2025/09/01 11:37:50 net device setup: enabled 2025/09/01 11:37:50 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist 2025/09/01 11:37:50 devlink PCI setup: PCI device 0000:00:10.0 is not available 2025/09/01 11:37:50 USB emulation: enabled 2025/09/01 11:37:50 hci packet injection: enabled 2025/09/01 11:37:50 wifi device emulation: enabled 2025/09/01 11:37:50 802.15.4 emulation: enabled 2025/09/01 11:37:50 fetching corpus: 0, signal 0/2000 (executing program) 2025/09/01 11:37:50 fetching corpus: 50, signal 21735/25287 (executing program) 2025/09/01 11:37:50 fetching corpus: 100, signal 31075/36142 (executing program) 2025/09/01 11:37:51 fetching corpus: 150, signal 37906/44365 (executing program) 2025/09/01 11:37:51 fetching corpus: 200, signal 46535/54145 (executing program) 2025/09/01 11:37:51 fetching corpus: 250, signal 51013/59876 (executing program) 2025/09/01 11:37:51 fetching corpus: 300, signal 54538/64627 (executing program) 2025/09/01 11:37:51 fetching corpus: 350, signal 60051/71099 (executing program) 2025/09/01 11:37:51 fetching corpus: 400, signal 65149/77124 (executing program) 2025/09/01 11:37:51 fetching corpus: 450, signal 70627/83342 (executing program) 2025/09/01 11:37:51 fetching corpus: 500, signal 73499/87132 (executing program) 2025/09/01 11:37:51 fetching corpus: 550, signal 77799/92080 (executing program) 2025/09/01 11:37:51 fetching corpus: 600, signal 80223/95369 (executing program) 2025/09/01 11:37:51 fetching corpus: 650, signal 81554/97682 (executing program) 2025/09/01 11:37:52 fetching corpus: 700, signal 84037/100929 (executing program) 2025/09/01 11:37:52 fetching corpus: 750, signal 86061/103762 (executing program) 2025/09/01 11:37:52 fetching corpus: 800, signal 87529/106078 (executing program) 2025/09/01 11:37:52 fetching corpus: 850, signal 89954/109164 (executing program) 2025/09/01 11:37:52 fetching corpus: 900, signal 91719/111636 (executing program) 2025/09/01 11:37:52 fetching corpus: 950, signal 93655/114228 (executing program) 2025/09/01 11:37:52 fetching corpus: 1000, signal 95839/116984 (executing program) 2025/09/01 11:37:52 fetching corpus: 1050, signal 97823/119569 (executing program) 2025/09/01 11:37:52 fetching corpus: 1100, signal 99023/121452 (executing program) 2025/09/01 11:37:52 fetching corpus: 1150, signal 100869/123783 (executing program) 2025/09/01 11:37:52 fetching corpus: 1200, signal 102511/126001 (executing program) 2025/09/01 11:37:53 fetching corpus: 1250, signal 104058/128088 (executing program) 2025/09/01 11:37:53 fetching corpus: 1300, signal 104911/129632 (executing program) 2025/09/01 11:37:53 fetching corpus: 1350, signal 106609/131716 (executing program) 2025/09/01 11:37:53 fetching corpus: 1400, signal 107774/133426 (executing program) 2025/09/01 11:37:53 fetching corpus: 1450, signal 110477/136165 (executing program) 2025/09/01 11:37:53 fetching corpus: 1500, signal 111556/137781 (executing program) 2025/09/01 11:37:53 fetching corpus: 1550, signal 112625/139321 (executing program) 2025/09/01 11:37:53 fetching corpus: 1600, signal 113921/140969 (executing program) 2025/09/01 11:37:53 fetching corpus: 1650, signal 115218/142600 (executing program) 2025/09/01 11:37:53 fetching corpus: 1700, signal 116033/143955 (executing program) 2025/09/01 11:37:53 fetching corpus: 1750, signal 117472/145673 (executing program) 2025/09/01 11:37:54 fetching corpus: 1800, signal 118132/146857 (executing program) 2025/09/01 11:37:54 fetching corpus: 1850, signal 119682/148616 (executing program) 2025/09/01 11:37:54 fetching corpus: 1900, signal 120574/149924 (executing program) 2025/09/01 11:37:54 fetching corpus: 1950, signal 121637/151314 (executing program) 2025/09/01 11:37:54 fetching corpus: 2000, signal 122493/152600 (executing program) 2025/09/01 11:37:54 fetching corpus: 2050, signal 123651/154008 (executing program) 2025/09/01 11:37:54 fetching corpus: 2100, signal 124544/155312 (executing program) 2025/09/01 11:37:54 fetching corpus: 2150, signal 125128/156312 (executing program) 2025/09/01 11:37:54 fetching corpus: 2200, signal 125969/157494 (executing program) 2025/09/01 11:37:54 fetching corpus: 2250, signal 126759/158634 (executing program) 2025/09/01 11:37:54 fetching corpus: 2300, signal 127246/159600 (executing program) 2025/09/01 11:37:55 fetching corpus: 2350, signal 127834/160598 (executing program) 2025/09/01 11:37:55 fetching corpus: 2400, signal 128520/161591 (executing program) 2025/09/01 11:37:55 fetching corpus: 2450, signal 129452/162728 (executing program) 2025/09/01 11:37:55 fetching corpus: 2500, signal 130248/163781 (executing program) 2025/09/01 11:37:55 fetching corpus: 2550, signal 131099/164795 (executing program) 2025/09/01 11:37:55 fetching corpus: 2600, signal 131952/165813 (executing program) 2025/09/01 11:37:55 fetching corpus: 2650, signal 132721/166793 (executing program) 2025/09/01 11:37:55 fetching corpus: 2700, signal 133435/167722 (executing program) 2025/09/01 11:37:55 fetching corpus: 2750, signal 134243/168683 (executing program) 2025/09/01 11:37:55 fetching corpus: 2800, signal 134968/169581 (executing program) 2025/09/01 11:37:56 fetching corpus: 2850, signal 135778/170527 (executing program) 2025/09/01 11:37:56 fetching corpus: 2900, signal 136449/171361 (executing program) 2025/09/01 11:37:56 fetching corpus: 2950, signal 137091/172182 (executing program) 2025/09/01 11:37:56 fetching corpus: 3000, signal 137701/173011 (executing program) 2025/09/01 11:37:56 fetching corpus: 3050, signal 138478/173901 (executing program) 2025/09/01 11:37:56 fetching corpus: 3100, signal 139169/174726 (executing program) 2025/09/01 11:37:56 fetching corpus: 3150, signal 140768/175817 (executing program) 2025/09/01 11:37:56 fetching corpus: 3200, signal 141252/176510 (executing program) 2025/09/01 11:37:56 fetching corpus: 3250, signal 141787/177232 (executing program) 2025/09/01 11:37:56 fetching corpus: 3300, signal 142605/178050 (executing program) 2025/09/01 11:37:56 fetching corpus: 3350, signal 143249/178757 (executing program) 2025/09/01 11:37:57 fetching corpus: 3400, signal 143806/179455 (executing program) 2025/09/01 11:37:57 fetching corpus: 3450, signal 144333/180136 (executing program) 2025/09/01 11:37:57 fetching corpus: 3500, signal 144882/180783 (executing program) 2025/09/01 11:37:57 fetching corpus: 3550, signal 145577/181512 (executing program) 2025/09/01 11:37:57 fetching corpus: 3600, signal 146118/182191 (executing program) 2025/09/01 11:37:57 fetching corpus: 3650, signal 146527/182800 (executing program) 2025/09/01 11:37:57 fetching corpus: 3700, signal 147110/183434 (executing program) 2025/09/01 11:37:57 fetching corpus: 3750, signal 147539/183980 (executing program) 2025/09/01 11:37:57 fetching corpus: 3800, signal 148387/184668 (executing program) 2025/09/01 11:37:58 fetching corpus: 3850, signal 149096/185252 (executing program) 2025/09/01 11:37:58 fetching corpus: 3900, signal 149625/185800 (executing program) 2025/09/01 11:37:58 fetching corpus: 3950, signal 150147/186338 (executing program) 2025/09/01 11:37:58 fetching corpus: 4000, signal 151092/186979 (executing program) 2025/09/01 11:37:58 fetching corpus: 4050, signal 151396/187481 (executing program) 2025/09/01 11:37:58 fetching corpus: 4100, signal 151932/187983 (executing program) 2025/09/01 11:37:58 fetching corpus: 4150, signal 152365/188439 (executing program) 2025/09/01 11:37:58 fetching corpus: 4200, signal 153502/188994 (executing program) 2025/09/01 11:37:58 fetching corpus: 4250, signal 154134/189481 (executing program) 2025/09/01 11:37:58 fetching corpus: 4300, signal 154872/189968 (executing program) 2025/09/01 11:37:59 fetching corpus: 4350, signal 155657/190498 (executing program) 2025/09/01 11:37:59 fetching corpus: 4400, signal 156134/190945 (executing program) 2025/09/01 11:37:59 fetching corpus: 4450, signal 156672/191403 (executing program) 2025/09/01 11:37:59 fetching corpus: 4500, signal 157051/191776 (executing program) 2025/09/01 11:37:59 fetching corpus: 4550, signal 157373/192203 (executing program) 2025/09/01 11:37:59 fetching corpus: 4600, signal 157745/192607 (executing program) 2025/09/01 11:37:59 fetching corpus: 4650, signal 158701/193007 (executing program) 2025/09/01 11:37:59 fetching corpus: 4700, signal 159100/193406 (executing program) 2025/09/01 11:37:59 fetching corpus: 4750, signal 159521/193573 (executing program) 2025/09/01 11:37:59 fetching corpus: 4800, signal 160016/193603 (executing program) 2025/09/01 11:37:59 fetching corpus: 4850, signal 160605/193608 (executing program) 2025/09/01 11:37:59 fetching corpus: 4900, signal 161011/193608 (executing program) 2025/09/01 11:38:00 fetching corpus: 4950, signal 161429/193609 (executing program) 2025/09/01 11:38:00 fetching corpus: 5000, signal 161809/193621 (executing program) 2025/09/01 11:38:00 fetching corpus: 5050, signal 162549/193657 (executing program) 2025/09/01 11:38:00 fetching corpus: 5100, signal 162901/193657 (executing program) 2025/09/01 11:38:00 fetching corpus: 5150, signal 163558/193658 (executing program) 2025/09/01 11:38:00 fetching corpus: 5200, signal 163962/193659 (executing program) 2025/09/01 11:38:00 fetching corpus: 5250, signal 164369/193705 (executing program) 2025/09/01 11:38:00 fetching corpus: 5300, signal 164758/193710 (executing program) 2025/09/01 11:38:00 fetching corpus: 5350, signal 165130/193729 (executing program) 2025/09/01 11:38:00 fetching corpus: 5400, signal 165483/193734 (executing program) 2025/09/01 11:38:00 fetching corpus: 5450, signal 165858/193760 (executing program) 2025/09/01 11:38:00 fetching corpus: 5500, signal 166428/193761 (executing program) 2025/09/01 11:38:01 fetching corpus: 5550, signal 166748/193764 (executing program) 2025/09/01 11:38:01 fetching corpus: 5600, signal 167154/193766 (executing program) 2025/09/01 11:38:01 fetching corpus: 5650, signal 167595/193771 (executing program) 2025/09/01 11:38:01 fetching corpus: 5700, signal 168053/193776 (executing program) 2025/09/01 11:38:01 fetching corpus: 5750, signal 168530/193821 (executing program) 2025/09/01 11:38:01 fetching corpus: 5800, signal 168738/193832 (executing program) 2025/09/01 11:38:01 fetching corpus: 5850, signal 169003/193832 (executing program) 2025/09/01 11:38:01 fetching corpus: 5900, signal 169469/193836 (executing program) 2025/09/01 11:38:01 fetching corpus: 5950, signal 169851/193836 (executing program) 2025/09/01 11:38:01 fetching corpus: 6000, signal 170291/193838 (executing program) 2025/09/01 11:38:01 fetching corpus: 6050, signal 170581/193843 (executing program) 2025/09/01 11:38:01 fetching corpus: 6100, signal 170942/193845 (executing program) 2025/09/01 11:38:01 fetching corpus: 6150, signal 171500/193858 (executing program) 2025/09/01 11:38:02 fetching corpus: 6200, signal 171853/193859 (executing program) 2025/09/01 11:38:02 fetching corpus: 6250, signal 172198/193861 (executing program) 2025/09/01 11:38:02 fetching corpus: 6300, signal 172555/193862 (executing program) 2025/09/01 11:38:02 fetching corpus: 6350, signal 172871/193881 (executing program) 2025/09/01 11:38:02 fetching corpus: 6400, signal 173220/193933 (executing program) 2025/09/01 11:38:02 fetching corpus: 6450, signal 173935/193961 (executing program) 2025/09/01 11:38:02 fetching corpus: 6500, signal 174242/193971 (executing program) 2025/09/01 11:38:02 fetching corpus: 6550, signal 174630/193974 (executing program) 2025/09/01 11:38:02 fetching corpus: 6600, signal 174929/193977 (executing program) 2025/09/01 11:38:02 fetching corpus: 6650, signal 175355/193977 (executing program) 2025/09/01 11:38:02 fetching corpus: 6700, signal 175749/193992 (executing program) 2025/09/01 11:38:03 fetching corpus: 6750, signal 176107/193998 (executing program) 2025/09/01 11:38:03 fetching corpus: 6800, signal 176274/194005 (executing program) 2025/09/01 11:38:03 fetching corpus: 6850, signal 176588/194005 (executing program) 2025/09/01 11:38:03 fetching corpus: 6900, signal 176842/194017 (executing program) 2025/09/01 11:38:03 fetching corpus: 6950, signal 177132/194017 (executing program) 2025/09/01 11:38:03 fetching corpus: 7000, signal 177570/194017 (executing program) 2025/09/01 11:38:03 fetching corpus: 7050, signal 177958/194031 (executing program) 2025/09/01 11:38:03 fetching corpus: 7100, signal 178325/194031 (executing program) 2025/09/01 11:38:03 fetching corpus: 7150, signal 178547/194035 (executing program) 2025/09/01 11:38:03 fetching corpus: 7200, signal 178738/194049 (executing program) 2025/09/01 11:38:03 fetching corpus: 7250, signal 179038/194053 (executing program) 2025/09/01 11:38:04 fetching corpus: 7300, signal 181087/194055 (executing program) 2025/09/01 11:38:04 fetching corpus: 7350, signal 181475/194072 (executing program) 2025/09/01 11:38:04 fetching corpus: 7399, signal 181827/194073 (executing program) 2025/09/01 11:38:04 fetching corpus: 7449, signal 182425/194082 (executing program) 2025/09/01 11:38:04 fetching corpus: 7499, signal 182739/194087 (executing program) 2025/09/01 11:38:04 fetching corpus: 7549, signal 182964/194092 (executing program) 2025/09/01 11:38:04 fetching corpus: 7599, signal 183232/194112 (executing program) 2025/09/01 11:38:04 fetching corpus: 7648, signal 183518/194140 (executing program) 2025/09/01 11:38:04 fetching corpus: 7698, signal 183844/194155 (executing program) 2025/09/01 11:38:04 fetching corpus: 7748, signal 184241/194167 (executing program) 2025/09/01 11:38:04 fetching corpus: 7798, signal 184589/194181 (executing program) 2025/09/01 11:38:05 fetching corpus: 7848, signal 184837/194197 (executing program) 2025/09/01 11:38:05 fetching corpus: 7898, signal 185137/194228 (executing program) 2025/09/01 11:38:05 fetching corpus: 7948, signal 185442/194233 (executing program) 2025/09/01 11:38:05 fetching corpus: 7998, signal 185743/194239 (executing program) 2025/09/01 11:38:05 fetching corpus: 8048, signal 186062/194241 (executing program) 2025/09/01 11:38:05 fetching corpus: 8097, signal 186342/194311 (executing program) 2025/09/01 11:38:05 fetching corpus: 8147, signal 186573/194324 (executing program) 2025/09/01 11:38:05 fetching corpus: 8197, signal 186933/194326 (executing program) 2025/09/01 11:38:05 fetching corpus: 8247, signal 187189/194333 (executing program) 2025/09/01 11:38:05 fetching corpus: 8297, signal 187457/194338 (executing program) 2025/09/01 11:38:05 fetching corpus: 8347, signal 187701/194343 (executing program) 2025/09/01 11:38:05 fetching corpus: 8397, signal 187896/194351 (executing program) 2025/09/01 11:38:06 fetching corpus: 8447, signal 188107/194375 (executing program) 2025/09/01 11:38:06 fetching corpus: 8497, signal 188379/194393 (executing program) 2025/09/01 11:38:06 fetching corpus: 8547, signal 188668/194396 (executing program) 2025/09/01 11:38:06 fetching corpus: 8597, signal 189176/194396 (executing program) 2025/09/01 11:38:06 fetching corpus: 8647, signal 189347/194396 (executing program) 2025/09/01 11:38:06 fetching corpus: 8697, signal 189664/194396 (executing program) 2025/09/01 11:38:06 fetching corpus: 8747, signal 189939/194400 (executing program) 2025/09/01 11:38:06 fetching corpus: 8797, signal 190174/194402 (executing program) 2025/09/01 11:38:06 fetching corpus: 8847, signal 190392/194404 (executing program) 2025/09/01 11:38:06 fetching corpus: 8897, signal 190655/194411 (executing program) 2025/09/01 11:38:06 fetching corpus: 8947, signal 190952/194411 (executing program) 2025/09/01 11:38:06 fetching corpus: 8997, signal 191204/194413 (executing program) 2025/09/01 11:38:07 fetching corpus: 9047, signal 191542/194416 (executing program) 2025/09/01 11:38:07 fetching corpus: 9051, signal 191598/194416 (executing program) 2025/09/01 11:38:07 fetching corpus: 9051, signal 191598/194416 (executing program) 2025/09/01 11:38:09 starting 8 fuzzer processes 11:38:09 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_STRSET_GET(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080)={0x14, r1, 0xb341daa0822653b3, 0x0, 0x0, {0x6}}, 0x14}}, 0x0) 11:38:09 executing program 1: clone3(&(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0, 0x6}, 0x58) 11:38:09 executing program 7: setsockopt$inet_buf(0xffffffffffffffff, 0x0, 0x0, &(0x7f0000000000)="d9543038a1b282d50a0127a3fe787904192e365d99dfc335cf588132eba1a51d12f95180d319ee1e7666ca07423b043d77f268a4db33451cf00ae47cb045f9bc4e0385ab32e07ac5000000000000000032", 0x51) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'vcan0\x00'}) ioctl$TUNSETVNETHDRSZ(r0, 0x400454d1, &(0x7f0000000100)=0xfffffffd) 11:38:09 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) ioctl$TCSETSW(r0, 0x80045438, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, "d724b9d80cdcbde661c6a666d13d0ea35cc8c0"}) 11:38:09 executing program 3: syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000140)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f73668553b300080820000400008000f80000", 0x18}], 0x0, &(0x7f00000000c0)) 11:38:09 executing program 4: syz_emit_ethernet(0x6e, &(0x7f0000000080)={@multicast, @dev, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "6b1000", 0x38, 0x3a, 0x0, @empty, @mcast2, {[], @pkt_toobig={0x2, 0x0, 0x0, 0x600, {0x0, 0x6, "825915", 0x0, 0x3a, 0x0, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', @mcast1, [@dstopts]}}}}}}}, 0x0) [ 80.184948] audit: type=1400 audit(1756726689.265:7): avc: denied { execmem } for pid=271 comm="syz-executor.0" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1 11:38:09 executing program 5: r0 = syz_open_dev$sg(&(0x7f0000002ac0), 0x0, 0x0) r1 = dup(r0) ioctl$SG_IO(r1, 0x2285, &(0x7f0000000100)={0x53, 0x0, 0x6, 0xe5, @scatter={0x0, 0x0, 0x0}, &(0x7f0000000080)="a873d6abd06f", 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0}) 11:38:09 executing program 6: prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000000000)) epoll_pwait2(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) [ 81.427407] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 81.429362] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 81.432328] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 81.434155] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 81.435610] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 81.438276] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 81.440661] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 81.445271] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 81.448110] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 81.453203] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 81.487568] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 81.490552] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 81.492720] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 81.494443] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 81.497940] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 81.500404] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 81.504432] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 81.506759] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 81.513340] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 81.519566] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 81.521243] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 81.525556] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 81.528549] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 81.538104] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 81.541952] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 81.543630] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 81.544761] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 81.546367] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 81.549355] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 81.553111] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 81.556129] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 81.559372] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 81.561715] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 81.564431] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 81.567130] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 81.571532] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 81.587240] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 81.589691] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 81.602709] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 81.613958] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 83.516817] Bluetooth: hci0: command tx timeout [ 83.516841] Bluetooth: hci1: command tx timeout [ 83.580982] Bluetooth: hci3: command tx timeout [ 83.581516] Bluetooth: hci2: command tx timeout [ 83.643938] Bluetooth: hci5: command tx timeout [ 83.644909] Bluetooth: hci6: command tx timeout [ 83.645364] Bluetooth: hci7: command tx timeout [ 83.645882] Bluetooth: hci4: command tx timeout [ 85.563881] Bluetooth: hci0: command tx timeout [ 85.564845] Bluetooth: hci1: command tx timeout [ 85.627952] Bluetooth: hci3: command tx timeout [ 85.628855] Bluetooth: hci2: command tx timeout [ 85.693829] Bluetooth: hci4: command tx timeout [ 85.693864] Bluetooth: hci7: command tx timeout [ 85.694596] Bluetooth: hci6: command tx timeout [ 85.695021] Bluetooth: hci5: command tx timeout [ 87.613050] Bluetooth: hci1: command tx timeout [ 87.613070] Bluetooth: hci0: command tx timeout [ 87.677811] Bluetooth: hci2: command tx timeout [ 87.678222] Bluetooth: hci3: command tx timeout [ 87.739831] Bluetooth: hci6: command tx timeout [ 87.739876] Bluetooth: hci5: command tx timeout [ 87.740258] Bluetooth: hci7: command tx timeout [ 87.740627] Bluetooth: hci4: command tx timeout [ 89.659952] Bluetooth: hci1: command tx timeout [ 89.661741] Bluetooth: hci0: command tx timeout [ 89.724919] Bluetooth: hci3: command tx timeout [ 89.725324] Bluetooth: hci2: command tx timeout [ 89.788522] Bluetooth: hci7: command tx timeout [ 89.788964] Bluetooth: hci5: command tx timeout [ 89.789356] Bluetooth: hci6: command tx timeout [ 89.789746] Bluetooth: hci4: command tx timeout [ 118.235359] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 118.236186] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 118.389511] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 118.390201] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 11:38:47 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$netlink(r0, &(0x7f0000000ec0)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000480)=ANY=[@ANYBLOB="280000001d00010000000000000000000700000001"], 0x28}], 0x1}, 0x0) [ 118.990681] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.5'. [ 118.998728] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.5'. 11:38:48 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$netlink(r0, &(0x7f0000000ec0)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000480)=ANY=[@ANYBLOB="280000001d00010000000000000000000700000001"], 0x28}], 0x1}, 0x0) [ 119.088794] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 119.089404] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 119.091595] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.5'. 11:38:48 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$netlink(r0, &(0x7f0000000ec0)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000480)=ANY=[@ANYBLOB="280000001d00010000000000000000000700000001"], 0x28}], 0x1}, 0x0) [ 119.210266] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.5'. [ 119.235127] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 119.235691] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 11:38:48 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$netlink(r0, &(0x7f0000000ec0)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000480)=ANY=[@ANYBLOB="280000001d00010000000000000000000700000001"], 0x28}], 0x1}, 0x0) [ 119.308017] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.5'. 11:38:48 executing program 5: r0 = openat$sr(0xffffffffffffff9c, &(0x7f0000000440), 0x4840, 0x0) ioctl$CDROMREADMODE1(r0, 0x30d, &(0x7f0000000400)) 11:38:48 executing program 5: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) sendmmsg(r0, &(0x7f0000004fc0)=[{{0x0, 0x0, 0x0}}, {{&(0x7f0000001a40)=@nfc_llcp={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "2f3663c2b228265b519f686ced4979bbe74fe4fa7108b8f371ea96b323d1ba7cb85399d30530085781dd50c4fde896320e5831dfbb988c3e0c8c77749d4a30"}, 0x80, 0x0}}], 0x2, 0x0) [ 120.038854] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 120.039475] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 120.130421] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 120.131010] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 120.344008] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 120.344616] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 120.422637] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 120.423350] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 120.664363] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 120.665318] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 120.762565] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 120.763964] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 120.866413] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 120.867078] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 120.968557] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 120.969167] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 121.090794] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 121.091419] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 121.122442] I/O error, dev loop3, sector 29056 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 121.123262] FAT-fs (loop3): bread failed, FSINFO block (sector = 7264) [ 121.133430] I/O error, dev loop3, sector 29056 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 121.134241] FAT-fs (loop3): bread failed, FSINFO block (sector = 7264) [ 121.169486] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 121.170225] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 121.222482] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 121.223384] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 121.294744] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 121.295414] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 11:38:50 executing program 0: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) setsockopt$inet_buf(r1, 0x0, 0x4, 0x0, 0x0) 11:38:50 executing program 5: r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4442, 0x0) pwrite64(r0, &(0x7f0000000140)=' ', 0x1, 0x0) r1 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x7, 0x13, r0, 0x0) syz_memcpy_off$IO_URING_METADATA_FLAGS(r1, 0x0, &(0x7f0000000000), 0x0, 0x4) writev(r0, &(0x7f0000001640)=[{&(0x7f0000000080)="b9", 0x1}], 0x1) 11:38:50 executing program 7: setsockopt$inet_buf(0xffffffffffffffff, 0x0, 0x0, &(0x7f0000000000)="d9543038a1b282d50a0127a3fe787904192e365d99dfc335cf588132eba1a51d12f95180d319ee1e7666ca07423b043d77f268a4db33451cf00ae47cb045f9bc4e0385ab32e07ac5000000000000000032", 0x51) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'vcan0\x00'}) ioctl$TUNSETVNETHDRSZ(r0, 0x400454d1, &(0x7f0000000100)=0xfffffffd) 11:38:50 executing program 1: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$VT_DISALLOCATE(r0, 0x5608) 11:38:50 executing program 6: prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000000000)) epoll_pwait2(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) 11:38:50 executing program 2: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x0) ioctl$SNDRV_SEQ_IOCTL_QUERY_NEXT_PORT(r0, 0x404c534a, &(0x7f00000001c0)={{}, 'port0\x00'}) 11:38:50 executing program 3: syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000140)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f73668553b300080820000400008000f80000", 0x18}], 0x0, &(0x7f00000000c0)) 11:38:50 executing program 4: syz_emit_ethernet(0x6e, &(0x7f0000000080)={@multicast, @dev, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "6b1000", 0x38, 0x3a, 0x0, @empty, @mcast2, {[], @pkt_toobig={0x2, 0x0, 0x0, 0x600, {0x0, 0x6, "825915", 0x0, 0x3a, 0x0, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', @mcast1, [@dstopts]}}}}}}}, 0x0) [ 121.491798] audit: type=1400 audit(1756726730.572:8): avc: denied { open } for pid=3907 comm="syz-executor.2" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1 [ 121.498067] audit: type=1400 audit(1756726730.572:9): avc: denied { kernel } for pid=3907 comm="syz-executor.2" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1 11:38:50 executing program 6: prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000000000)) epoll_pwait2(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) [ 121.527665] I/O error, dev loop3, sector 29056 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 121.529576] FAT-fs (loop3): bread failed, FSINFO block (sector = 7264) 11:38:50 executing program 3: syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000140)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f73668553b300080820000400008000f80000", 0x18}], 0x0, &(0x7f00000000c0)) 11:38:50 executing program 2: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x0) ioctl$SNDRV_SEQ_IOCTL_QUERY_NEXT_PORT(r0, 0x404c534a, &(0x7f00000001c0)={{}, 'port0\x00'}) 11:38:50 executing program 4: syz_emit_ethernet(0x6e, &(0x7f0000000080)={@multicast, @dev, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "6b1000", 0x38, 0x3a, 0x0, @empty, @mcast2, {[], @pkt_toobig={0x2, 0x0, 0x0, 0x600, {0x0, 0x6, "825915", 0x0, 0x3a, 0x0, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', @mcast1, [@dstopts]}}}}}}}, 0x0) 11:38:50 executing program 0: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) setsockopt$inet_buf(r1, 0x0, 0x4, 0x0, 0x0) 11:38:50 executing program 6: prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000000000)) epoll_pwait2(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) [ 121.643979] I/O error, dev loop3, sector 29056 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 121.646284] FAT-fs (loop3): bread failed, FSINFO block (sector = 7264) 11:38:50 executing program 2: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x0) ioctl$SNDRV_SEQ_IOCTL_QUERY_NEXT_PORT(r0, 0x404c534a, &(0x7f00000001c0)={{}, 'port0\x00'}) 11:38:50 executing program 0: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) setsockopt$inet_buf(r1, 0x0, 0x4, 0x0, 0x0) 11:38:50 executing program 5: r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f0000000400)={@ipv4={'\x00', '\xff\xff', @remote}, 0x0, 0x1, 0x0, 0xd}, 0x20) 11:38:50 executing program 4: syz_emit_ethernet(0x6e, &(0x7f0000000080)={@multicast, @dev, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "6b1000", 0x38, 0x3a, 0x0, @empty, @mcast2, {[], @pkt_toobig={0x2, 0x0, 0x0, 0x600, {0x0, 0x6, "825915", 0x0, 0x3a, 0x0, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', @mcast1, [@dstopts]}}}}}}}, 0x0) 11:38:50 executing program 1: r0 = socket$inet_udp(0x2, 0x2, 0x0) getsockopt$IPT_SO_GET_ENTRIES(r0, 0x0, 0x22, 0x0, &(0x7f00000023c0)) 11:38:50 executing program 3: syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000140)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f73668553b300080820000400008000f80000", 0x18}], 0x0, &(0x7f00000000c0)) 11:38:50 executing program 7: setsockopt$inet_buf(0xffffffffffffffff, 0x0, 0x0, &(0x7f0000000000)="d9543038a1b282d50a0127a3fe787904192e365d99dfc335cf588132eba1a51d12f95180d319ee1e7666ca07423b043d77f268a4db33451cf00ae47cb045f9bc4e0385ab32e07ac5000000000000000032", 0x51) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'vcan0\x00'}) ioctl$TUNSETVNETHDRSZ(r0, 0x400454d1, &(0x7f0000000100)=0xfffffffd) 11:38:50 executing program 6: perf_event_open(&(0x7f0000000100)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = epoll_create(0x6) r1 = epoll_create(0x6) r2 = epoll_create(0x6) r3 = epoll_create(0x6) epoll_ctl$EPOLL_CTL_ADD(r3, 0x1, r2, &(0x7f0000000180)={0x20000011}) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r2, &(0x7f0000000180)={0x20000000}) dup2(r0, r1) socket$inet(0x2, 0x4, 0x0) [ 121.758687] audit: type=1400 audit(1756726730.839:10): avc: denied { block_suspend } for pid=3940 comm="syz-executor.6" capability=36 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=capability2 permissive=1 [ 121.771794] I/O error, dev loop3, sector 29056 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 121.772631] FAT-fs (loop3): bread failed, FSINFO block (sector = 7264) [ 121.783745] kmemleak: Found object by alias at 0x607f1a63e2ac [ 121.783767] CPU: 0 UID: 0 PID: 3936 Comm: syz-executor.0 Tainted: G W 6.17.0-rc4-next-20250901 #1 PREEMPT(voluntary) [ 121.783789] Tainted: [W]=WARN [ 121.783793] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 121.783801] Call Trace: [ 121.783806] [ 121.783811] dump_stack_lvl+0xca/0x120 [ 121.783844] __lookup_object+0x94/0xb0 [ 121.783863] delete_object_full+0x27/0x70 [ 121.783880] free_percpu+0x30/0x1160 [ 121.783898] ? arch_uprobe_clear_state+0x16/0x140 [ 121.783920] futex_hash_free+0x38/0xc0 [ 121.783936] mmput+0x2d3/0x390 [ 121.783955] do_exit+0x79d/0x2970 [ 121.783970] ? signal_wake_up_state+0x85/0x120 [ 121.783987] ? zap_other_threads+0x2b9/0x3a0 [ 121.784004] ? __pfx_do_exit+0x10/0x10 [ 121.784017] ? do_group_exit+0x1c3/0x2a0 [ 121.784032] ? lock_release+0xc8/0x290 [ 121.784050] do_group_exit+0xd3/0x2a0 [ 121.784066] __x64_sys_exit_group+0x3e/0x50 [ 121.784081] x64_sys_call+0x18c5/0x18d0 [ 121.784097] do_syscall_64+0xbf/0x360 [ 121.784111] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 121.784124] RIP: 0033:0x7efc11110b19 [ 121.784132] Code: Unable to access opcode bytes at 0x7efc11110aef. [ 121.784138] RSP: 002b:00007ffd97cbbd38 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 121.784150] RAX: ffffffffffffffda RBX: 000000000000001e RCX: 00007efc11110b19 [ 121.784158] RDX: 00007efc110c372b RSI: ffffffffffffffbc RDI: 0000000000000000 [ 121.784166] RBP: 0000000000000000 R08: 0000001b2cb24258 R09: 0000000000000000 [ 121.784173] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 121.784180] R13: 0000000000000000 R14: 0000000000000001 R15: 00007ffd97cbbe20 [ 121.784198] [ 121.784202] kmemleak: Object (percpu) 0x607f1a63e2a8 (size 8): [ 121.784208] kmemleak: comm "syz-executor.2", pid 3949, jiffies 4294788411 [ 121.784216] kmemleak: min_count = 1 [ 121.784220] kmemleak: count = 0 [ 121.784223] kmemleak: flags = 0x21 [ 121.784227] kmemleak: checksum = 0 [ 121.784231] kmemleak: backtrace: [ 121.784235] pcpu_alloc_noprof+0x87a/0x1170 [ 121.784251] perf_trace_event_init+0x366/0xa10 [ 121.784265] perf_trace_init+0x1a4/0x2f0 [ 121.784278] perf_tp_event_init+0xa6/0x120 [ 121.784295] perf_try_init_event+0x140/0x9f0 [ 121.784309] perf_event_alloc.part.0+0x118e/0x45f0 [ 121.784326] __do_sys_perf_event_open+0x719/0x2c20 [ 121.784340] do_syscall_64+0xbf/0x360 [ 121.784349] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 121.826634] kmemleak: Found object by alias at 0x607f1a63d124 [ 121.826648] CPU: 0 UID: 0 PID: 3942 Comm: syz-executor.1 Tainted: G W 6.17.0-rc4-next-20250901 #1 PREEMPT(voluntary) [ 121.826666] Tainted: [W]=WARN [ 121.826670] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 121.826677] Call Trace: [ 121.826681] [ 121.826685] dump_stack_lvl+0xca/0x120 [ 121.826708] __lookup_object+0x94/0xb0 [ 121.826724] delete_object_full+0x27/0x70 [ 121.826741] free_percpu+0x30/0x1160 [ 121.826761] ? arch_uprobe_clear_state+0x16/0x140 [ 121.826781] futex_hash_free+0x38/0xc0 [ 121.826795] mmput+0x2d3/0x390 [ 121.826814] do_exit+0x79d/0x2970 [ 121.826828] ? lock_release+0xc8/0x290 [ 121.826844] ? __pfx_do_exit+0x10/0x10 [ 121.826859] ? find_held_lock+0x2b/0x80 [ 121.826877] ? get_signal+0x835/0x2340 [ 121.826897] do_group_exit+0xd3/0x2a0 [ 121.826913] get_signal+0x2315/0x2340 [ 121.826936] ? __pfx_get_signal+0x10/0x10 [ 121.826953] ? do_futex+0x135/0x370 [ 121.826967] ? __pfx_do_futex+0x10/0x10 [ 121.826982] arch_do_signal_or_restart+0x80/0x790 [ 121.827001] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 121.827018] ? __x64_sys_futex+0x1c9/0x4d0 [ 121.827030] ? __x64_sys_futex+0x1d2/0x4d0 [ 121.827044] ? __sys_socket+0x9f/0x260 [ 121.827061] ? __pfx___x64_sys_futex+0x10/0x10 [ 121.827075] ? xfd_validate_state+0x55/0x180 [ 121.827096] exit_to_user_mode_loop+0x8b/0x110 [ 121.827110] do_syscall_64+0x2f7/0x360 [ 121.827123] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 121.827135] RIP: 0033:0x7fb5d5e9eb19 [ 121.827144] Code: Unable to access opcode bytes at 0x7fb5d5e9eaef. [ 121.827149] RSP: 002b:00007fb5d3414218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 121.827161] RAX: 0000000000000000 RBX: 00007fb5d5fb1f68 RCX: 00007fb5d5e9eb19 [ 121.827168] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007fb5d5fb1f68 [ 121.827175] RBP: 00007fb5d5fb1f60 R08: 0000000000000000 R09: 0000000000000000 [ 121.827183] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fb5d5fb1f6c [ 121.827190] R13: 00007ffff8414bbf R14: 00007fb5d3414300 R15: 0000000000022000 [ 121.827206] [ 121.827210] kmemleak: Object (percpu) 0x607f1a63d120 (size 8): [ 121.827217] kmemleak: comm "syz-executor.6", pid 3944, jiffies 4294788384 [ 121.827224] kmemleak: min_count = 1 [ 121.827228] kmemleak: count = 0 [ 121.827232] kmemleak: flags = 0x21 [ 121.827235] kmemleak: checksum = 0 [ 121.827239] kmemleak: backtrace: [ 121.827243] pcpu_alloc_noprof+0x87a/0x1170 [ 121.827258] perf_trace_event_init+0x366/0xa10 [ 121.827272] perf_trace_init+0x1a4/0x2f0 [ 121.827284] perf_tp_event_init+0xa6/0x120 [ 121.827300] perf_try_init_event+0x140/0x9f0 [ 121.827313] perf_event_alloc.part.0+0x118e/0x45f0 [ 121.827330] __do_sys_perf_event_open+0x719/0x2c20 [ 121.827343] do_syscall_64+0xbf/0x360 [ 121.827352] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 121.885232] kmemleak: Cannot insert 0x607f1a63d124 into the object search tree (overlaps existing) [ 121.885247] CPU: 0 UID: 0 PID: 3955 Comm: syz-executor.5 Tainted: G W 6.17.0-rc4-next-20250901 #1 PREEMPT(voluntary) [ 121.885265] Tainted: [W]=WARN [ 121.885269] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 121.885275] Call Trace: [ 121.885279] [ 121.885283] dump_stack_lvl+0xca/0x120 [ 121.885310] __link_object+0x190/0x210 [ 121.885328] __create_object+0x48/0x80 [ 121.885346] pcpu_alloc_noprof+0x87a/0x1170 [ 121.885369] packet_create+0x1f1/0x8d0 [ 121.885391] __sock_create+0x369/0x810 [ 121.885408] __sys_socket+0x145/0x260 [ 121.885423] ? __pfx___sys_socket+0x10/0x10 [ 121.885442] __x64_sys_socket+0x73/0xb0 [ 121.885457] do_syscall_64+0xbf/0x360 [ 121.885470] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 121.885482] RIP: 0033:0x7fcd0d094b19 [ 121.885490] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 121.885502] RSP: 002b:00007fcd0a60a188 EFLAGS: 00000246 ORIG_RAX: 0000000000000029 [ 121.885514] RAX: ffffffffffffffda RBX: 00007fcd0d1a7f60 RCX: 00007fcd0d094b19 [ 121.885521] RDX: 0000000000000300 RSI: 0000000000000002 RDI: 0000000000000011 [ 121.885528] RBP: 00007fcd0d0eef6d R08: 0000000000000000 R09: 0000000000000000 [ 121.885536] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 121.885542] R13: 00007fffb1ac68cf R14: 00007fcd0a60a300 R15: 0000000000022000 [ 121.885558] [ 121.886110] kmemleak: Kernel memory leak detector disabled [ 121.886114] kmemleak: Object (percpu) 0x607f1a63d120 (size 8): [ 121.886121] kmemleak: comm "syz-executor.6", pid 3944, jiffies 4294788384 [ 121.886128] kmemleak: min_count = 1 [ 121.886132] kmemleak: count = 0 [ 121.886136] kmemleak: flags = 0x21 [ 121.886140] kmemleak: checksum = 0 [ 121.886143] kmemleak: backtrace: [ 121.886147] pcpu_alloc_noprof+0x87a/0x1170 [ 121.886163] perf_trace_event_init+0x366/0xa10 [ 121.886175] perf_trace_init+0x1a4/0x2f0 [ 121.886188] perf_tp_event_init+0xa6/0x120 [ 121.886203] perf_try_init_event+0x140/0x9f0 [ 121.886217] perf_event_alloc.part.0+0x118e/0x45f0 [ 121.886234] __do_sys_perf_event_open+0x719/0x2c20 [ 121.886247] do_syscall_64+0xbf/0x360 [ 121.886256] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 121.934839] kmemleak: Found object by alias at 0x607f1a63d124 [ 121.934853] CPU: 0 UID: 0 PID: 3954 Comm: syz-executor.5 Tainted: G W 6.17.0-rc4-next-20250901 #1 PREEMPT(voluntary) [ 121.934870] Tainted: [W]=WARN [ 121.934874] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 121.934881] Call Trace: [ 121.934884] [ 121.934889] dump_stack_lvl+0xca/0x120 [ 121.934910] __lookup_object+0x94/0xb0 [ 121.934926] delete_object_full+0x27/0x70 [ 121.934943] free_percpu+0x30/0x1160 [ 121.934963] packet_release+0x90d/0xc30 [ 121.934978] ? __pfx_packet_release+0x10/0x10 [ 121.934990] ? __pfx_down_write+0x10/0x10 [ 121.935004] ? __pfx_locks_remove_file+0x10/0x10 [ 121.935022] __sock_release+0xb3/0x270 [ 121.935034] ? __pfx_sock_close+0x10/0x10 [ 121.935044] sock_close+0x1c/0x30 [ 121.935054] __fput+0x401/0xb50 [ 121.935074] fput_close_sync+0x10f/0x240 [ 121.935091] ? __pfx_fput_close_sync+0x10/0x10 [ 121.935106] ? dnotify_flush+0x79/0x4c0 [ 121.935123] __x64_sys_close+0x8f/0x120 [ 121.935142] do_syscall_64+0xbf/0x360 [ 121.935154] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 121.935166] RIP: 0033:0x7fcd0d04772b [ 121.935175] Code: 0f 05 48 3d 00 f0 ff ff 77 45 c3 0f 1f 40 00 48 83 ec 18 89 7c 24 0c e8 63 fc ff ff 8b 7c 24 0c 41 89 c0 b8 03 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 35 44 89 c7 89 44 24 0c e8 a1 fc ff ff 8b 44 [ 121.935187] RSP: 002b:00007fffb1ac6930 EFLAGS: 00000293 ORIG_RAX: 0000000000000003 [ 121.935198] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00007fcd0d04772b [ 121.935206] RDX: 00007fcd0d1ac568 RSI: ffffffff84bb774c RDI: 0000000000000003 [ 121.935213] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000001b2d021b60 [ 121.935224] R10: 0000000000001a87 R11: 0000000000000293 R12: 000000000001db90 [ 121.935231] R13: 00000000000003e8 R14: 00007fcd0d1a7f60 R15: 000000000001db63 [ 121.935244] ? do_syscall_64+0x12c/0x360 [ 121.935258] [ 121.935262] kmemleak: Object (percpu) 0x607f1a63d120 (size 8): [ 121.935268] kmemleak: comm "syz-executor.6", pid 3944, jiffies 4294788384 [ 121.935275] kmemleak: min_count = 1 [ 121.935279] kmemleak: count = 0 [ 121.935283] kmemleak: flags = 0x21 [ 121.935287] kmemleak: checksum = 0 [ 121.935290] kmemleak: backtrace: [ 121.935293] pcpu_alloc_noprof+0x87a/0x1170 [ 121.935309] perf_trace_event_init+0x366/0xa10 [ 121.935321] perf_trace_init+0x1a4/0x2f0 [ 121.935334] perf_tp_event_init+0xa6/0x120 [ 121.935349] perf_try_init_event+0x140/0x9f0 [ 121.935362] perf_event_alloc.part.0+0x118e/0x45f0 [ 121.935379] __do_sys_perf_event_open+0x719/0x2c20 [ 121.935392] do_syscall_64+0xbf/0x360 [ 121.935402] entry_SYSCALL_64_after_hwframe+0x77/0x7f 11:38:50 executing program 5: r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_tx_ring(r0, 0x107, 0xd, &(0x7f0000000280)=@req3={0x1000, 0x1, 0x400, 0x4}, 0x1c) sendmsg(r0, &(0x7f00000007c0)={&(0x7f0000000000)=@pppol2tp={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @loopback}}}, 0x80, 0x0}, 0x0) 11:38:50 executing program 0: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) setsockopt$inet_buf(r1, 0x0, 0x4, 0x0, 0x0) 11:38:51 executing program 7: setsockopt$inet_buf(0xffffffffffffffff, 0x0, 0x0, &(0x7f0000000000)="d9543038a1b282d50a0127a3fe787904192e365d99dfc335cf588132eba1a51d12f95180d319ee1e7666ca07423b043d77f268a4db33451cf00ae47cb045f9bc4e0385ab32e07ac5000000000000000032", 0x51) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'vcan0\x00'}) ioctl$TUNSETVNETHDRSZ(r0, 0x400454d1, &(0x7f0000000100)=0xfffffffd) 11:38:51 executing program 2: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x0) ioctl$SNDRV_SEQ_IOCTL_QUERY_NEXT_PORT(r0, 0x404c534a, &(0x7f00000001c0)={{}, 'port0\x00'}) 11:38:51 executing program 3: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000000)={0x0, 0x0}, &(0x7f0000000040)=0x5) setuid(r1) perf_event_open(&(0x7f0000000340)={0x8, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 11:38:51 executing program 4: perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x78, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, &(0x7f00000000c0)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) close(r0) dup2(0xffffffffffffffff, 0xffffffffffffffff) 11:38:51 executing program 0: r0 = syz_open_dev$tty20(0xc, 0x4, 0x1) ioctl$VT_ACTIVATE(r0, 0x5606, 0x7) 11:38:51 executing program 5: r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_tx_ring(r0, 0x107, 0xd, &(0x7f0000000280)=@req3={0x1000, 0x1, 0x400, 0x4}, 0x1c) sendmsg(r0, &(0x7f00000007c0)={&(0x7f0000000000)=@pppol2tp={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @loopback}}}, 0x80, 0x0}, 0x0) 11:38:51 executing program 6: perf_event_open(&(0x7f0000000100)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = epoll_create(0x6) r1 = epoll_create(0x6) r2 = epoll_create(0x6) r3 = epoll_create(0x6) epoll_ctl$EPOLL_CTL_ADD(r3, 0x1, r2, &(0x7f0000000180)={0x20000011}) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r2, &(0x7f0000000180)={0x20000000}) dup2(r0, r1) socket$inet(0x2, 0x4, 0x0) 11:38:51 executing program 1: r0 = socket$inet_udp(0x2, 0x2, 0x0) getsockopt$IPT_SO_GET_ENTRIES(r0, 0x0, 0x22, 0x0, &(0x7f00000023c0)) 11:38:51 executing program 3: pipe(&(0x7f00000002c0)) 11:38:51 executing program 1: r0 = socket$inet_udp(0x2, 0x2, 0x0) getsockopt$IPT_SO_GET_ENTRIES(r0, 0x0, 0x22, 0x0, &(0x7f00000023c0)) 11:38:51 executing program 2: r0 = socket$inet_tcp(0x2, 0x1, 0x0) getsockopt$SO_TIMESTAMPING(r0, 0x1, 0x10, 0x0, &(0x7f0000000140)) 11:38:51 executing program 5: r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_tx_ring(r0, 0x107, 0xd, &(0x7f0000000280)=@req3={0x1000, 0x1, 0x400, 0x4}, 0x1c) sendmsg(r0, &(0x7f00000007c0)={&(0x7f0000000000)=@pppol2tp={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @loopback}}}, 0x80, 0x0}, 0x0) 11:38:51 executing program 4: r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000009c0)={{{@in=@dev, @in6=@private2, 0x0, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x0, 0x0, 0xee00}}, {{@in=@multicast1, 0x0, 0x2b}, 0x0, @in6=@local}}, 0xe8) close(r0) 11:38:51 executing program 0: io_setup(0x8, &(0x7f0000000040)=0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) io_submit(r0, 0x1, &(0x7f0000001e00)=[&(0x7f0000000080)={0x0, 0x0, 0x0, 0x5, 0x0, r2, 0x0}]) r3 = dup3(r2, r1, 0x0) recvmsg$unix(r2, &(0x7f0000005600)={0x0, 0x0, 0x0}, 0x0) write$eventfd(r3, 0x0, 0x0) 11:38:51 executing program 3: r0 = syz_open_dev$evdev(&(0x7f0000000080), 0x1, 0x0) ioctl$EVIOCSKEYCODE_V2(r0, 0x40284504, &(0x7f00000000c0)={0x27, 0x0, 0x0, 0x0, "698f88dc19037539ac8e31a2983fc71c65b9d788d7d016befef00dedc5ab6ce6"}) 11:38:51 executing program 1: r0 = socket$inet_udp(0x2, 0x2, 0x0) getsockopt$IPT_SO_GET_ENTRIES(r0, 0x0, 0x22, 0x0, &(0x7f00000023c0)) [ 122.416575] kmemleak: Automatic memory scanning thread ended [ 204.411943] Bluetooth: hci7: command 0x0406 tx timeout [ 204.414740] Bluetooth: hci2: command 0x0406 tx timeout [ 204.415816] Bluetooth: hci5: command 0x0406 tx timeout [ 204.416111] Bluetooth: hci6: command 0x0406 tx timeout [ 204.416742] Bluetooth: hci4: command 0x0406 tx timeout [ 204.417997] Bluetooth: hci3: command 0x0406 tx timeout [ 204.418641] Bluetooth: hci1: command 0x0406 tx timeout [ 204.419615] Bluetooth: hci0: command 0x0406 tx timeout [ 275.579909] INFO: task syz-executor.0:4008 blocked for more than 143 seconds. [ 275.581400] Tainted: G W 6.17.0-rc4-next-20250901 #1 [ 275.582677] Blocked by coredump. [ 275.589065] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 275.590489] task:syz-executor.0 state:D stack:28704 pid:4008 tgid:3993 ppid:283 task_flags:0x40044c flags:0x00004000 [ 275.592486] Call Trace: [ 275.592986] [ 275.593402] __schedule+0xe7e/0x3590 [ 275.594161] ? __pfx___schedule+0x10/0x10 [ 275.594954] ? lock_acquire+0x15e/0x2f0 [ 275.595661] ? find_held_lock+0x2b/0x80 [ 275.596445] ? schedule+0x2c7/0x390 [ 275.597149] ? lock_release+0xc8/0x290 [ 275.597908] schedule+0xdb/0x390 [ 275.598532] schedule_timeout+0x244/0x280 [ 275.599310] ? __pfx_schedule_timeout+0x10/0x10 [ 275.600181] ? register_lock_class+0x18b/0x560 [ 275.601030] ? find_held_lock+0x2b/0x80 [ 275.601752] ? do_wait_for_common+0x1a5/0x440 [ 275.602633] ? lock_release+0xc8/0x290 [ 275.603377] ? trace_irq_enable.constprop.0+0xc2/0x100 [ 275.604336] do_wait_for_common+0x1b2/0x440 [ 275.605156] ? __pfx_schedule_timeout+0x10/0x10 [ 275.606040] ? __pfx_do_wait_for_common+0x10/0x10 [ 275.606946] ? do_raw_spin_lock+0x123/0x260 [ 275.607715] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 275.608604] wait_for_completion+0x4a/0x60 [ 275.609400] exit_aio+0x2df/0x350 [ 275.610096] ? __pfx_exit_aio+0x10/0x10 [ 275.610880] ? arch_uprobe_clear_state+0x16/0x140 [ 275.611802] mmput+0xcd/0x390 [ 275.612386] do_exit+0x79d/0x2970 [ 275.613067] ? __pfx_do_exit+0x10/0x10 [ 275.613798] ? find_held_lock+0x2b/0x80 [ 275.614524] ? get_signal+0x835/0x2340 [ 275.615280] do_group_exit+0xd3/0x2a0 [ 275.616014] get_signal+0x2315/0x2340 [ 275.616705] ? __fget_files+0x203/0x3b0 [ 275.617467] ? __pfx_get_signal+0x10/0x10 [ 275.618283] arch_do_signal_or_restart+0x80/0x790 [ 275.619184] ? __sys_recvmsg+0x171/0x200 [ 275.619947] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 275.620945] ? __x64_sys_futex+0x1c9/0x4d0 [ 275.621715] exit_to_user_mode_loop+0x8b/0x110 [ 275.622585] do_syscall_64+0x2f7/0x360 [ 275.623344] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 275.624298] RIP: 0033:0x7efc11110b19 [ 275.625009] RSP: 002b:00007efc0e644188 EFLAGS: 00000246 ORIG_RAX: 000000000000002f [ 275.626405] RAX: fffffffffffffe00 RBX: 00007efc112240e0 RCX: 00007efc11110b19 [ 275.627684] RDX: 0000000000000000 RSI: 0000000020005600 RDI: 0000000000000004 [ 275.628981] RBP: 00007efc1116af6d R08: 0000000000000000 R09: 0000000000000000 [ 275.630284] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 275.631588] R13: 00007ffd97cbbb0f R14: 00007efc0e644300 R15: 0000000000022000 [ 275.632877] [ 275.633314] [ 275.633314] Showing all locks held in the system: [ 275.634449] 1 lock held by khungtaskd/32: [ 275.635203] #0: ffffffff85c1c760 (rcu_read_lock){....}-{1:3}, at: debug_show_all_locks+0x36/0x1c0 [ 275.636867] 1 lock held by in:imklog/174: [ 275.637588] #0: ffff888015d7f0b8 (&f->f_pos_lock){+.+.}-{4:4}, at: fdget_pos+0x2a8/0x380 [ 275.639119] [ 275.639430] ============================================= [ 275.639430] VM DIAGNOSIS: 11:41:24 Registers: info registers vcpu 0 RAX=0000000000000020 RBX=00000000000003f8 RCX=0000000000000000 RDX=00000000000003f8 RSI=ffffffff828e5105 RDI=ffffffff88729280 RBP=ffffffff88729240 RSP=ffff888009a87960 R8 =0000000000000000 R9 =ffffed1001399046 R10=0000000000000020 R11=0000000000000001 R12=0000000000000020 R13=0000000000000010 R14=ffffffff88729240 R15=ffffffff828e50f0 RIP=ffffffff828e515d RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 00000000 00000000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 00000000 00000000 FS =0000 0000000000000000 00000000 00000000 GS =0000 ffff8880e55d8000 00000000 00000000 LDT=0000 fffffe2300000000 00000000 00000000 TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe0000001000 0000007f IDT= fffffe0000000000 00000fff CR0=80050033 CR2=000055aabd359f28 CR3=000000002049e000 CR4=00350ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001fa0 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 XMM00=00000000000000000000000000000000 XMM01=00000000000000000000000000000000 XMM02=0000000000000000bfe62e42fefa39ef XMM03=0000ff00000000000000000000000000 XMM04=732f6c61636f6c2f7273752f3d485441 XMM05=622f6c61636f6c2f7273752f3a6e6962 XMM06=73752f3a6e6962732f7273752f3a6e69 XMM07=6e69622f3a6e6962732f3a6e69622f72 XMM08=00000000000000000000000000000000 XMM09=00000000000000000000000000000000 XMM10=00000000000000000000000000000000 XMM11=00000000000000000000000000000000 XMM12=00000000000000000000000000000000 XMM13=00000000000000000000000000000000 XMM14=00000000000000000000000000000000 XMM15=00000000000000000000000000000000 info registers vcpu 1 RAX=000000000015f3b5 RBX=0000000000000001 RCX=ffffffff84bbe5f7 RDX=0000000000000000 RSI=0000000000000000 RDI=ffffffff814c8304 RBP=dffffc0000000000 RSP=ffff888009717e58 R8 =0000000000000001 R9 =ffffed100d9e630a R10=ffff88806cf31853 R11=0000000000000001 R12=ffffffff8643b450 R13=1ffff110012e2fd2 R14=0000000000000000 R15=0000000000000000 RIP=ffffffff84bbd31e RFL=00000202 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=1 ES =0000 0000000000000000 00000000 00000000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 00000000 00000000 FS =0000 0000000000000000 00000000 00000000 GS =0000 ffff8880e56d8000 00000000 00000000 LDT=0000 fffffe6a00000000 00000000 00000000 TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe0000048000 0000007f IDT= fffffe0000000000 00000fff CR0=80050033 CR2=00007f2c6ce3e4d0 CR3=000000001d424000 CR4=00350ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 XMM00=2034323a31343a313120312020706553 XMM01=5d3737363238352e35373220205b203a XMM02=6b636f6c42202020202020205d373736 XMM03=656b2072656c6c616b7a79732034323a XMM04=31612038652063302034322034342039 XMM05=20666620666620306620303020643320 XMM06=20303020333020386220306320393820 XMM07=66206666206366203336203865206330 XMM08=36333d7974696c696261706163202236 XMM09=00000000000000000000000000000000 XMM10=00000000000000000000000000000000 XMM11=00000000000000000000000000000000 XMM12=00000000000000000000000000000000 XMM13=00000000000000000000000000000000 XMM14=00000000000000000000000000000000 XMM15=00000000000000000000000000000000